Traditional analysis of software systems includes both static analysis and dynamic analysis. Static analysis (also called white box testing) analyzes software system code for dependencies without relying on any external resources or dynamic events. Dynamic analysis (also called black box testing), on the other hand, executes the code and monitors its concrete execution. Another facet of dynamic analysis is testing how the system behaves when interacting with external files such as databases.
For example, Structured Query Language (SQL) queries in modern programming languages such as Visual Basic, Java, C++ and C# can be computed dynamically at run-time as strings, which are then sent to the database for execution. These strings contain the names of databases, tables, and fields, and can come from external sources such as user input, configuration files, or databases. Therefore, it is difficult to discover these names solely by static analysis, since the data dependencies between the program and the database component may not be discovered.
Some dependencies may occur in every execution of the application, while others may only happen on certain executions, depending on user input, external data and the non-deterministic nature of the running system. For example, dynamic loading in Java may lead to references between classes that are dynamically determined (and thus cannot be statically detected). Another example is the composition of Structured Query Language (SQL) queries as strings that may depend on external data.
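The run-time SQL composition described in the two paragraphs above, as an added example that is not part of the original text: the string constants visible without running `build_query` never contain the table or field names, while a monitor attached during execution records them. The config contents, the `customers` schema, and all function names are constructed for illustration, and SQLite's authorizer hook stands in for whatever run-time monitor an analysis tool would use.

```python
import sqlite3

# Constructed stand-in for external data (config file, user input, another DB).
EXTERNAL_CONFIG = {"table": "customers", "fields": ["name", "email"]}

def build_query(cfg):
    """Compose the SQL text at run time; names come from outside the code."""
    names = [cfg["table"], *cfg["fields"]]
    if not all(n.isidentifier() for n in names):  # accept plain names only
        raise ValueError("unexpected identifier in external data")
    return f"SELECT {', '.join(cfg['fields'])} FROM {cfg['table']}"

def static_view(func):
    """What is visible without running: string constants compiled into func."""
    return {c for c in func.__code__.co_consts if isinstance(c, str)}

def dynamic_view(cfg):
    """Run the query and record every (table, column) SQLite is asked to read."""
    seen = set()

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_READ:
            seen.add((arg1, arg2))
        return sqlite3.SQLITE_OK  # observe only, never block

    conn = sqlite3.connect(":memory:")
    # Constructed schema and row so the query has something to run against.
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT, phone TEXT)")
    conn.execute("INSERT INTO customers VALUES ('a', 'a@example.test', '0')")
    conn.set_authorizer(authorizer)  # monitoring starts here
    conn.execute(build_query(cfg)).fetchall()
    conn.close()
    return seen

if __name__ == "__main__":
    print("static :", sorted(static_view(build_query)))
    print("dynamic:", sorted(dynamic_view(EXTERNAL_CONFIG)))
```

Changing `EXTERNAL_CONFIG` changes the recorded dependencies without touching the code, which is why such dependencies may appear only on certain executions.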